I'm closing it here since it is specific to that strategy rather than Passport generally. As a workaround, I'd try switching to Google's OAuth 2.0 implementation, which is supported by passport-google-oauth. Google seems to be recommending that as their preferred approach for authentication..